Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add system test for Office 365 audit #449

Merged
merged 4 commits into from
Dec 15, 2020
Merged

Add system test for Office 365 audit #449

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
3993181
Add system test for Office 365 audiit
andrewkroh Dec 5, 2020
89ff3e5
Configure numeric_keyword_fields
andrewkroh Dec 14, 2020
066f6fb
Sync pipeline JS
andrewkroh Dec 14, 2020
8bd1783
Fix version
andrewkroh Dec 14, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
100 changes: 100 additions & 0 deletions packages/o365/_dev/deploy/docker/01-exchange-admin.log
View file
Open in desktop

Large diffs are not rendered by default.

9 changes: 9 additions & 0 deletions packages/o365/_dev/deploy/docker/02-exchange-item.log
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
{"OrganizationName":"testsiem.onmicrosoft.com","UserKey":"S-1-5-18","MailboxGuid":"26286ffa-073d-45ff-9fe9-539891984d69","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"Create","ClientIPAddress":"::1","Item":{"InternetMessageId":"<AM6PR01MB4535D305187FEC8127CF8EDFEE160@AM6PR01MB4535.eurprd01.prod.exchangelabs.com>","IsRecord":false,"Id":"RgAAAACklF6sEsJgSK/ulVd531/WBwCzgXIUnq3lQqXFeCmxHwmHAAAAAAEMAACzgXIUnq3lQqXFeCmxHwmHAAAAABULAAAJ","Attachments":"warming_email_03_2017_calendar.png (599b); warming_email_03_2017_conversation.png (614b); warming_email_03_2017_links.png (1403b); google_play_store_badge.png (4824b); apple_store_badge.png (4446b); windows_store_badge.png (3681b); warming_email_03_2017_files.png (809b); warming_email_03_2017_sharePoint.png (1432b)","ParentFolder":{"Path":"\\Inbox","Id":"LgAAAACklF6sEsJgSK/ulVd531/WAQCzgXIUnq3lQqXFeCmxHwmHAAAAAAEMAAAB"},"Subject":"The new SIEMTest group is ready"},"LogonUserSid":"S-1-5-18","OriginatingServer":"AM6PR01MB4535 (15.20.2729.032)\n","RecordType":2,"Version":1,"ClientInfoString":"Client=WebServices;Action=ConfigureGroupMailbox","MailboxOwnerUPN":"SIEMTest@testsiem.onmicrosoft.com","MailboxOwnerMasterAccountSid":"S-1-5-10","MailboxOwnerSid":"S-1-5-21-3422892061-1135328251-2670905592-26680073","ResultStatus":"Succeeded","ExternalAccess":true,"LogonType":1,"ClientIP":"::1","Workload":"Exchange","InternalLogonType":1,"UserId":"S-1-5-18","CreationTime":"2020-02-17T17:12:03","Id":"3be78a31-dbd3-4c2c-eaf9-08d7b3cc8226","UserType":2}
{"OrganizationName":"testsiem.onmicrosoft.com","UserKey":"S-1-5-18","MailboxGuid":"778e6fd9-b5d5-4431-a10f-245bde6e0cb8","Operation":"Create","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","ClientIPAddress":"::1","Item":{"InternetMessageId":"<DB3PR0102MB35003D203E5553CBC1B8AAEAE2160@DB3PR0102MB3500.eurprd01.prod.exchangelabs.com>","IsRecord":false,"Id":"RgAAAABQ7FIOAzxlR4hKCRQRbTbvBwBTdQb34omtRrZGvP+4ONQkAAAAAAEMAABTdQb34omtRrZGvP+4ONQkAAAAAA0lAAAJ","ParentFolder":{"Path":"\\Inbox","Id":"LgAAAABQ7FIOAzxlR4hKCRQRbTbvAQBTdQb34omtRrZGvP+4ONQkAAAAAAEMAAAB"},"Attachments":"warming_email_03_2017_calendar.png (598b); warming_email_03_2017_conversation.png (613b); warming_email_03_2017_links.png (1402b); google_play_store_badge.png (4823b); apple_store_badge.png (4445b); windows_store_badge.png (3680b); warming_email_03_2017_files.png (808b); warming_email_03_2017_sharePoint.png (1431b)","Subject":"The new All Company group is ready"},"LogonUserSid":"S-1-5-18","RecordType":2,"OriginatingServer":"DB3PR0102MB3500 (15.20.2729.032)\n","Version":1,"ClientInfoString":"Client=WebServices;Action=ConfigureGroupMailbox","MailboxOwnerUPN":"AllCompany.4529848321.eqpfynvc@testsiem.onmicrosoft.com","MailboxOwnerMasterAccountSid":"S-1-5-10","MailboxOwnerSid":"S-1-5-21-3422892061-1135328251-2670905592-26679883","ResultStatus":"Succeeded","LogonType":1,"ExternalAccess":true,"ClientIP":"::1","Workload":"Exchange","InternalLogonType":1,"UserId":"S-1-5-18","CreationTime":"2020-02-17T08:53:46","Id":"c0790552-9989-4e91-cba4-08d7b386e642","UserType":2}
{"OrganizationName":"testsiem.onmicrosoft.com","UserKey":"S-1-5-18","MailboxGuid":"685170f5-2238-470d-824b-239a02afafbd","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"Create","ClientIPAddress":"::1","Item":{"InternetMessageId":"<DB7PR01MB442884FC2132AE2A909799BAFC160@DB7PR01MB4428.eurprd01.prod.exchangelabs.com>","IsRecord":false,"Id":"RgAAAABkkJvTy6NaRYV8EL+vMtzZBwAk6unHVumCRJNhRrAMRwYLAAAAAAEMAAAk6unHVumCRJNhRrAMRwYLAAAAAAk9AAAJ","ParentFolder":{"Path":"\\Inbox","Id":"LgAAAABkkJvTy6NaRYV8EL+vMtzZAQAk6unHVumCRJNhRrAMRwYLAAAAAAEMAAAB"},"Attachments":"warming_email_03_2017_calendar.png (598b); warming_email_03_2017_conversation.png (613b); warming_email_03_2017_links.png (1402b); google_play_store_badge.png (4823b); apple_store_badge.png (4445b); windows_store_badge.png (3680b); warming_email_03_2017_files.png (808b); warming_email_03_2017_sharePoint.png (1431b)","Subject":"The new All Company group is ready"},"LogonUserSid":"S-1-5-18","RecordType":2,"OriginatingServer":"DB7PR01MB4428 (15.20.2707.031)\n","Version":1,"ClientInfoString":"Client=WebServices;Action=ConfigureGroupMailbox","MailboxOwnerUPN":"AllCompany.4529848321.sqtielgo@testsiem.onmicrosoft.com","MailboxOwnerMasterAccountSid":"S-1-5-10","MailboxOwnerSid":"S-1-5-21-3422892061-1135328251-2670905592-26679882","ResultStatus":"Succeeded","ExternalAccess":true,"LogonType":1,"ClientIP":"::1","Workload":"Exchange","InternalLogonType":1,"UserId":"S-1-5-18","CreationTime":"2020-02-17T08:53:31","Id":"c6b58ed7-a54a-47cf-a301-08d7b386dd7c","UserType":2}
{"OrganizationName":"testsiem.onmicrosoft.com","UserKey":"S-1-5-18","MailboxGuid":"778e6fd9-b5d5-4431-a10f-245bde6e0cb8","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"ModifyFolderPermissions","ClientIPAddress":"::1","Item":{"Id":"LgAAAABQ7FIOAzxlR4hKCRQRbTbvAQBTdQb34omtRrZGvP+4ONQkAAAAAAENAAAC","ParentFolder":{"Path":"\\Calendar","MemberRights":"ReadAny, Visible, FreeBusySimple, FreeBusyDetailed","MemberSid":"S-1-8-2005823449-1144108501-1529089953-3087822558-1","Id":"LgAAAABQ7FIOAzxlR4hKCRQRbTbvAQBTdQb34omtRrZGvP+4ONQkAAAAAAENAAAC","MemberUpn":"Member@local","Name":"Calendar"}},"LogonUserSid":"S-1-5-18","RecordType":2,"OriginatingServer":"DB3PR0102MB3500 (15.20.2729.032)","Version":1,"ClientInfoString":"Client=WebServices;Action=ConfigureGroupMailbox","MailboxOwnerUPN":"AllCompany.4529848321.eqpfynvc@testsiem.onmicrosoft.com","MailboxOwnerMasterAccountSid":"S-1-5-10","MailboxOwnerSid":"S-1-5-21-3422892061-1135328251-2670905592-26679883","ResultStatus":"Succeeded","ExternalAccess":true,"LogonType":1,"ClientIP":"::1","Workload":"Exchange","InternalLogonType":1,"UserId":"S-1-5-18","CreationTime":"2020-02-17T08:53:41","Id":"815684be-4e52-4cb2-9242-08d7b386e333","UserType":2}
{"OrganizationName":"testsiem.onmicrosoft.com","UserKey":"S-1-5-18","MailboxGuid":"685170f5-2238-470d-824b-239a02afafbd","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"ModifyFolderPermissions","ClientIPAddress":"::1","Item":{"Id":"LgAAAABkkJvTy6NaRYV8EL+vMtzZAQAk6unHVumCRJNhRrAMRwYLAAAAAAENAAAC","ParentFolder":{"Path":"\\Calendar","MemberRights":"ReadAny, Create, EditOwned, DeleteOwned, EditAny, DeleteAny, Visible, FreeBusySimple, FreeBusyDetailed","MemberSid":"S-1-8-1750167797-1192043064-2586004354-3182407426-0","Id":"LgAAAABkkJvTy6NaRYV8EL+vMtzZAQAk6unHVumCRJNhRrAMRwYLAAAAAAENAAAC","MemberUpn":"Owner@local","Name":"Calendar"}},"LogonUserSid":"S-1-5-18","RecordType":2,"OriginatingServer":"DB7PR01MB4428 (15.20.2707.031)\n","Version":1,"ClientInfoString":"Client=WebServices;Action=ConfigureGroupMailbox","MailboxOwnerUPN":"AllCompany.4529848321.sqtielgo@testsiem.onmicrosoft.com","MailboxOwnerMasterAccountSid":"S-1-5-10","MailboxOwnerSid":"S-1-5-21-3422892061-1135328251-2670905592-26679882","ResultStatus":"Succeeded","ExternalAccess":true,"LogonType":1,"ClientIP":"::1","Workload":"Exchange","InternalLogonType":1,"UserId":"S-1-5-18","CreationTime":"2020-02-17T08:53:22","Id":"f5b56c26-18aa-4984-822e-08d7b386d7e2","UserType":2}
{"OrganizationName":"testsiem.onmicrosoft.com","UserKey":"S-1-5-18","MailboxGuid":"685170f5-2238-470d-824b-239a02afafbd","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"ModifyFolderPermissions","ClientIPAddress":"::1","Item":{"Id":"LgAAAABkkJvTy6NaRYV8EL+vMtzZAQAk6unHVumCRJNhRrAMRwYLAAAAAAENAAAC","ParentFolder":{"Path":"\\Calendar","MemberRights":"ReadAny, Visible, FreeBusySimple, FreeBusyDetailed","MemberSid":"S-1-8-1750167797-1192043064-2586004354-3182407426-1","Id":"LgAAAABkkJvTy6NaRYV8EL+vMtzZAQAk6unHVumCRJNhRrAMRwYLAAAAAAENAAAC","MemberUpn":"Member@local","Name":"Calendar"}},"LogonUserSid":"S-1-5-18","OriginatingServer":"DB7PR01MB4428 (15.20.2707.031)\n","RecordType":2,"Version":1,"ClientInfoString":"Client=WebServices;Action=ConfigureGroupMailbox","MailboxOwnerUPN":"AllCompany.4529848321.sqtielgo@testsiem.onmicrosoft.com","MailboxOwnerMasterAccountSid":"S-1-5-10","MailboxOwnerSid":"S-1-5-21-3422892061-1135328251-2670905592-26679882","ResultStatus":"Succeeded","LogonType":1,"ExternalAccess":true,"ClientIP":"::1","Workload":"Exchange","InternalLogonType":1,"UserId":"S-1-5-18","CreationTime":"2020-02-17T08:53:22","Id":"25ccad93-82ad-4742-5231-08d7b386d7e6","UserType":2}
{"OrganizationName":"testsiem.onmicrosoft.com","UserKey":"S-1-5-18","MailboxGuid":"778e6fd9-b5d5-4431-a10f-245bde6e0cb8","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"ModifyFolderPermissions","ClientIPAddress":"::1","Item":{"Id":"LgAAAABQ7FIOAzxlR4hKCRQRbTbvAQBTdQb34omtRrZGvP+4ONQkAAAAAAENAAAC","ParentFolder":{"Path":"\\Calendar","MemberRights":"ReadAny, Create, EditOwned, DeleteOwned, EditAny, DeleteAny, Visible, FreeBusySimple, FreeBusyDetailed","MemberSid":"S-1-8-2005823449-1144108501-1529089953-3087822558-0","MemberUpn":"Owner@local","Id":"LgAAAABQ7FIOAzxlR4hKCRQRbTbvAQBTdQb34omtRrZGvP+4ONQkAAAAAAENAAAC","Name":"Calendar"}},"LogonUserSid":"S-1-5-18","OriginatingServer":"DB3PR0102MB3500 (15.20.2729.032)\n","RecordType":2,"Version":1,"ClientInfoString":"Client=WebServices;Action=ConfigureGroupMailbox","MailboxOwnerUPN":"AllCompany.4529848321.eqpfynvc@testsiem.onmicrosoft.com","MailboxOwnerMasterAccountSid":"S-1-5-10","MailboxOwnerSid":"S-1-5-21-3422892061-1135328251-2670905592-26679883","ResultStatus":"Succeeded","LogonType":1,"ExternalAccess":true,"ClientIP":"::1","Workload":"Exchange","InternalLogonType":1,"UserId":"S-1-5-18","CreationTime":"2020-02-17T08:53:41","Id":"edb9bb1f-9629-43a1-0a57-08d7b386e31c","UserType":2}
{"OrganizationName":"testsiem.onmicrosoft.com","UserKey":"S-1-5-18","MailboxGuid":"26286ffa-073d-45ff-9fe9-539891984d69","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","Operation":"ModifyFolderPermissions","ClientIPAddress":"::1","Item":{"Id":"LgAAAACklF6sEsJgSK/ulVd531/WAQCzgXIUnq3lQqXFeCmxHwmHAAAAAAENAAAC","ParentFolder":{"Path":"\\Calendar","MemberRights":"ReadAny, Create, EditOwned, DeleteOwned, EditAny, DeleteAny, Visible, FreeBusySimple, FreeBusyDetailed","MemberSid":"S-1-8-640184314-1174341437-2555636127-1766693009-1","MemberUpn":"Member@local","Id":"LgAAAACklF6sEsJgSK/ulVd531/WAQCzgXIUnq3lQqXFeCmxHwmHAAAAAAENAAAC","Name":"Calendar"}},"LogonUserSid":"S-1-5-18","OriginatingServer":"AM6PR01MB4535 (15.20.2729.032)\n","RecordType":2,"Version":1,"ClientInfoString":"Client=WebServices;Action=ConfigureGroupMailbox","MailboxOwnerUPN":"SIEMTest@testsiem.onmicrosoft.com","MailboxOwnerMasterAccountSid":"S-1-5-10","MailboxOwnerSid":"S-1-5-21-3422892061-1135328251-2670905592-26680073","ResultStatus":"Succeeded","LogonType":1,"ExternalAccess":true,"ClientIP":"::1","Workload":"Exchange","InternalLogonType":1,"UserId":"S-1-5-18","CreationTime":"2020-02-17T17:12:03","Id":"df63d186-b4d9-49a8-748c-08d7b3cc81fb","UserType":2}
{"OrganizationName":"testsiem.onmicrosoft.com","UserKey":"S-1-5-18","MailboxGuid":"26286ffa-073d-45ff-9fe9-539891984d69","Operation":"ModifyFolderPermissions","OrganizationId":"b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd","ClientIPAddress":"::1","Item":{"Id":"LgAAAACklF6sEsJgSK/ulVd531/WAQCzgXIUnq3lQqXFeCmxHwmHAAAAAAENAAAC","ParentFolder":{"Path":"\\Calendar","MemberRights":"ReadAny, Create, EditOwned, DeleteOwned, EditAny, DeleteAny, Visible, FreeBusySimple, FreeBusyDetailed","MemberSid":"S-1-8-640184314-1174341437-2555636127-1766693009-0","Id":"LgAAAACklF6sEsJgSK/ulVd531/WAQCzgXIUnq3lQqXFeCmxHwmHAAAAAAENAAAC","MemberUpn":"Owner@local","Name":"Calendar"}},"LogonUserSid":"S-1-5-18","OriginatingServer":"AM6PR01MB4535 (15.20.2729.032)\n","RecordType":2,"Version":1,"ClientInfoString":"Client=WebServices;Action=ConfigureGroupMailbox","MailboxOwnerUPN":"SIEMTest@testsiem.onmicrosoft.com","MailboxOwnerMasterAccountSid":"S-1-5-10","MailboxOwnerSid":"S-1-5-21-3422892061-1135328251-2670905592-26680073","ResultStatus":"Succeeded","ExternalAccess":true,"LogonType":1,"ClientIP":"::1","Workload":"Exchange","InternalLogonType":1,"UserId":"S-1-5-18","CreationTime":"2020-02-17T17:12:03","Id":"284dfe85-ab53-48ad-0863-08d7b3cc81f7","UserType":2}
4 changes: 4 additions & 0 deletions packages/o365/_dev/deploy/docker/04-sharepoint.log
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
{"ListItemUniqueId": "59a8433d-9bb8-cfef-6edc-4c0fc8b86875", "ItemType": "Page", "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/_layouts/15/onedrive.aspx", "Workload": "OneDrive", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "asr@testsiem.onmicrosoft.com", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "Id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", "CustomUniqueId": true, "UserType": 0, "Version": 1, "EventSource": "SharePoint", "CorrelationId": "622b339f-4000-a000-f25f-92b3478c7a25", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "ClientIP": "213.97.47.133", "Operation": "PageViewed", "CreationTime": "2020-02-07T16:43:53", "RecordType": 4}
{"ListItemUniqueId": "59a8433d-9bb8-cfef-6edc-4c0fc8b86875", "ItemType": "Page", "Workload": "OneDrive", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "asr@testsiem.onmicrosoft.com", "CreationTime": "2020-02-07T16:43:53", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "ClientIP": "213.97.47.133", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "UserType": 0, "Version": 1, "EventSource": "SharePoint", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "CustomUniqueId": true, "Operation": "PageViewed", "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/_layouts/15/onedrive.aspx", "Id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", "CorrelationId": "622b339f-4000-a000-f25f-92b3478c7a25", "RecordType": 4}
{"UserId": "asr@testsiem.onmicrosoft.com", "ListItemUniqueId": "59a8433d-9bb8-cfef-6edc-4c0fc8b86875", "RecordType": 4, "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/_layouts/15/onedrive.aspx", "Workload": "OneDrive", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "UserType": 0, "CreationTime": "2020-02-07T16:43:53", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "ClientIP": "213.97.47.133", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "Version": 1, "EventSource": "SharePoint", "CustomUniqueId": true, "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "Operation": "PageViewed", "Id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", "CorrelationId": "622b339f-4000-a000-f25f-92b3478c7a25", "ItemType": "Page"}
{"Workload": "OneDrive", "Version": 1, "RecordType": 4, "ObjectId": "https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/_layouts/15/onedrive.aspx", "OrganizationId": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", "UserId": "asr@testsiem.onmicrosoft.com", "CreationTime": "2020-02-07T16:43:53", "Site": "d5180cfc-3479-44d6-b410-8c985ac894e3", "Id": "99d005e6-a4c6-46fd-117c-08d7abeceab5", "WebId": "8c5c94bb-8396-470c-87d7-8999f440cd30", "UserType": 0, "ListItemUniqueId": "59a8433d-9bb8-cfef-6edc-4c0fc8b86875", "EventSource": "SharePoint", "UserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "UserKey": "i:0h.f|membership|1003200096971f55@live.com", "CustomUniqueId": true, "ClientIP": "213.97.47.133", "Operation": "PageViewed", "CorrelationId": "622b339f-4000-a000-f25f-92b3478c7a25", "ItemType": "Page"}
Loading